e9858c5c723dadfa8825383b0847b164_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9858c5c723dadfa8825383b0847b164_JaffaCakes118
Size

20KB
MD5

e9858c5c723dadfa8825383b0847b164
SHA1

022b3e782a4ea879e0b37cc7ed1f4a1655118647
SHA256

a24aa4c98542864bb247623a784a0ba896627a612e90487b98b1a723aa690cef
SHA512

be5a29ba91d697e4742564768770301b6f7fc97b5aacd2350f99adb0e61aa11bead41e3caea2899cd63432fc26854e85b62b03911e9d0d7ad4754726b1d7d862
SSDEEP

384:arqf2fszCHryVqliGoFgzORvrit24GLX:arqf2EzCLBliCzaritLGr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9858c5c723dadfa8825383b0847b164_JaffaCakes118

Files

e9858c5c723dadfa8825383b0847b164_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e4fc855efa9f23b2e13e12ec642f01cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
WSCEnumProtocols
WSCGetProviderPath

kernel32

EnterCriticalSection
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
ExpandEnvironmentStringsA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
HeapDestroy
HeapCreate
GetLastError
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
HeapReAlloc
LeaveCriticalSection
VirtualQuery
CreateMutexW
FreeLibrary
WaitForSingleObject
WriteFile
CreateFileW
DeleteCriticalSection
ReleaseMutex
CloseHandle
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

Exports

Exports

GetLspGuid
WSPStartup

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ